Re: [PATCH v12 00/18] Enable FSGSBASE instructions

From: Sasha Levin
Date: Fri May 15 2020 - 19:07:43 EST

Next message: Krish Sadhukhan: "Re: [PATCH 2/7] KVM: SVM: extract load_nested_vmcb_control"
Previous message: Tang Bin: "[PATCH v2] net/mlx5e: Use IS_ERR() to check and simplify code"
In reply to: Andi Kleen: "Re: [PATCH v12 00/18] Enable FSGSBASE instructions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, May 15, 2020 at 10:55:50AM -0700, Andi Kleen wrote:

Indeed, we've seen a few hacks that basically just enable FSGSBASE:

- https://github.com/oscarlab/graphene-sgx-driver
- https://github.com/occlum/enable_rdfsbase

And would very much like to get rid of them...

These are insecure and open root holes without the patches
used here.

It's sad that these hacks are being used alongside SGX on "secure"
systems.

--
Thanks,
Sasha

Next message: Krish Sadhukhan: "Re: [PATCH 2/7] KVM: SVM: extract load_nested_vmcb_control"
Previous message: Tang Bin: "[PATCH v2] net/mlx5e: Use IS_ERR() to check and simplify code"
In reply to: Andi Kleen: "Re: [PATCH v12 00/18] Enable FSGSBASE instructions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]